'nother n00bie Q: Verifying the DSA signature?

Nathan D. Bowen nbowen+yadis at andtonic.com
Fri May 20 17:22:47 PDT 2005

Brad Fitzpatrick wrote:

>The DSA algorithm only ever signs up to 20 bytes.
>We do:
>     BASE64(DSA(SHA1("2005-05-20T18:30:09Z::assert_identity::blahblah")))
Ah-ha. I inferred a little too much from the fact that the Java code 
worked with "DSA" as the algorithm name -- it would've been more 
appropriate for me to specify it as "SHA1withDSA". (As is now obvious, 
Java uses "DSA", as an alias for "SHA1withDSA").

However, for a little practical advice -- I did find a solution of sorts 
to the original problem, which was "how can I check one of these 
signatures 'by hand'". The rest of the OpenID specification is simple 
enough to test by hand, but the real juicy part is verifying the 
signatures, and it's nice to have a way to test that part with existing 

Every openssl binary I could find had the "dss1" digest command missing 
from its usage output. But, it turns out that "dss1" was valid on all of 
them. For that matter, "dsaWithSHA1" worked on all of them, too.

So, openssl can be coaxed into verifying an openID signature, as long as 
you're careful about creating the input files. In particular, the 
signature has to be a binary file -- not base64 encoded -- and the input 
has to be provided without a newline.

Assuming that LiveJournal's public key is in a file called 
'ljpubkey.txt', I had success with the following:

echo 'MCwCaEtcEtcetc==' | openssl base64 -d > sigfile.raw
echo -n '2005-05-20T18:30:09Z::assert_identity::blahblah' | openssl dgst 
-dss1 -verify ljpubkey.txt -signature sigfile.raw

Hopefully that can save someone a bit of time.

More information about the yadis mailing list